1
0

MountPublicLinkController.php 6.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184
  1. <?php
  2. /**
  3. * SPDX-FileCopyrightText: 2016 Nextcloud GmbH and Nextcloud contributors
  4. * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
  5. * SPDX-License-Identifier: AGPL-3.0-only
  6. */
  7. namespace OCA\FederatedFileSharing\Controller;
  8. use OCA\DAV\Connector\Sabre\PublicAuth;
  9. use OCA\FederatedFileSharing\AddressHandler;
  10. use OCA\FederatedFileSharing\FederatedShareProvider;
  11. use OCP\AppFramework\Controller;
  12. use OCP\AppFramework\Http;
  13. use OCP\AppFramework\Http\Attribute\BruteForceProtection;
  14. use OCP\AppFramework\Http\Attribute\NoAdminRequired;
  15. use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
  16. use OCP\AppFramework\Http\Attribute\OpenAPI;
  17. use OCP\AppFramework\Http\Attribute\PublicPage;
  18. use OCP\AppFramework\Http\JSONResponse;
  19. use OCP\Constants;
  20. use OCP\Federation\ICloudIdManager;
  21. use OCP\HintException;
  22. use OCP\Http\Client\IClientService;
  23. use OCP\IL10N;
  24. use OCP\IRequest;
  25. use OCP\ISession;
  26. use OCP\IUserSession;
  27. use OCP\Share\IManager;
  28. use OCP\Share\IShare;
  29. use Psr\Log\LoggerInterface;
  30. /**
  31. * Class MountPublicLinkController
  32. *
  33. * convert public links to federated shares
  34. *
  35. * @package OCA\FederatedFileSharing\Controller
  36. */
  37. #[OpenAPI(scope: OpenAPI::SCOPE_FEDERATION)]
  38. class MountPublicLinkController extends Controller {
  39. /**
  40. * MountPublicLinkController constructor.
  41. */
  42. public function __construct(
  43. string $appName,
  44. IRequest $request,
  45. private FederatedShareProvider $federatedShareProvider,
  46. private IManager $shareManager,
  47. private AddressHandler $addressHandler,
  48. private ISession $session,
  49. private IL10N $l,
  50. private IUserSession $userSession,
  51. private IClientService $clientService,
  52. private ICloudIdManager $cloudIdManager,
  53. private LoggerInterface $logger,
  54. ) {
  55. parent::__construct($appName, $request);
  56. }
  57. /**
  58. * send federated share to a user of a public link
  59. *
  60. * @param string $shareWith Username to share with
  61. * @param string $token Token of the share
  62. * @param string $password Password of the share
  63. * @return JSONResponse<Http::STATUS_OK, array{remoteUrl: string}, array{}>|JSONResponse<Http::STATUS_BAD_REQUEST, array{message: string}, array{}>
  64. *
  65. * 200: Remote URL returned
  66. * 400: Creating share is not possible
  67. */
  68. #[NoCSRFRequired]
  69. #[PublicPage]
  70. #[BruteForceProtection(action: 'publicLink2FederatedShare')]
  71. public function createFederatedShare($shareWith, $token, $password = '') {
  72. if (!$this->federatedShareProvider->isOutgoingServer2serverShareEnabled()) {
  73. return new JSONResponse(
  74. ['message' => 'This server doesn\'t support outgoing federated shares'],
  75. Http::STATUS_BAD_REQUEST
  76. );
  77. }
  78. try {
  79. [, $server] = $this->addressHandler->splitUserRemote($shareWith);
  80. $share = $this->shareManager->getShareByToken($token);
  81. } catch (HintException $e) {
  82. $response = new JSONResponse(['message' => $e->getHint()], Http::STATUS_BAD_REQUEST);
  83. $response->throttle();
  84. return $response;
  85. }
  86. // make sure that user is authenticated in case of a password protected link
  87. $storedPassword = $share->getPassword();
  88. $authenticated = $this->session->get(PublicAuth::DAV_AUTHENTICATED) === $share->getId() ||
  89. $this->shareManager->checkPassword($share, $password);
  90. if (!empty($storedPassword) && !$authenticated) {
  91. $response = new JSONResponse(
  92. ['message' => 'No permission to access the share'],
  93. Http::STATUS_BAD_REQUEST
  94. );
  95. $response->throttle();
  96. return $response;
  97. }
  98. if (($share->getPermissions() & Constants::PERMISSION_READ) === 0) {
  99. $response = new JSONResponse(
  100. ['message' => 'Mounting file drop not supported'],
  101. Http::STATUS_BAD_REQUEST
  102. );
  103. $response->throttle();
  104. return $response;
  105. }
  106. $share->setSharedWith($shareWith);
  107. $share->setShareType(IShare::TYPE_REMOTE);
  108. try {
  109. $this->federatedShareProvider->create($share);
  110. } catch (\Exception $e) {
  111. $this->logger->warning($e->getMessage(), [
  112. 'app' => 'federatedfilesharing',
  113. 'exception' => $e,
  114. ]);
  115. return new JSONResponse(['message' => $e->getMessage()], Http::STATUS_BAD_REQUEST);
  116. }
  117. return new JSONResponse(['remoteUrl' => $server]);
  118. }
  119. /**
  120. * ask other server to get a federated share
  121. *
  122. * @param string $token
  123. * @param string $remote
  124. * @param string $password
  125. * @param string $owner (only for legacy reasons, can be removed with legacyMountPublicLink())
  126. * @param string $ownerDisplayName (only for legacy reasons, can be removed with legacyMountPublicLink())
  127. * @param string $name (only for legacy reasons, can be removed with legacyMountPublicLink())
  128. * @return JSONResponse
  129. */
  130. #[NoAdminRequired]
  131. public function askForFederatedShare($token, $remote, $password = '', $owner = '', $ownerDisplayName = '', $name = '') {
  132. // check if server admin allows to mount public links from other servers
  133. if ($this->federatedShareProvider->isIncomingServer2serverShareEnabled() === false) {
  134. return new JSONResponse(['message' => $this->l->t('Server to server sharing is not enabled on this server')], Http::STATUS_BAD_REQUEST);
  135. }
  136. $cloudId = $this->cloudIdManager->getCloudId($this->userSession->getUser()->getUID(), $this->addressHandler->generateRemoteURL());
  137. $httpClient = $this->clientService->newClient();
  138. try {
  139. $response = $httpClient->post($remote . '/index.php/apps/federatedfilesharing/createFederatedShare',
  140. [
  141. 'body' =>
  142. [
  143. 'token' => $token,
  144. 'shareWith' => rtrim($cloudId->getId(), '/'),
  145. 'password' => $password
  146. ],
  147. 'connect_timeout' => 10,
  148. ]
  149. );
  150. } catch (\Exception $e) {
  151. if (empty($password)) {
  152. $message = $this->l->t("Couldn't establish a federated share.");
  153. } else {
  154. $message = $this->l->t("Couldn't establish a federated share, maybe the password was wrong.");
  155. }
  156. return new JSONResponse(['message' => $message], Http::STATUS_BAD_REQUEST);
  157. }
  158. $body = $response->getBody();
  159. $result = json_decode($body, true);
  160. if (is_array($result) && isset($result['remoteUrl'])) {
  161. return new JSONResponse(['message' => $this->l->t('Federated Share request sent, you will receive an invitation. Check your notifications.')]);
  162. }
  163. // if we doesn't get the expected response we assume that we try to add
  164. // a federated share from a Nextcloud <= 9 server
  165. $message = $this->l->t("Couldn't establish a federated share, it looks like the server to federate with is too old (Nextcloud <= 9).");
  166. return new JSONResponse(['message' => $message], Http::STATUS_BAD_REQUEST);
  167. }
  168. }